Privacy reigns: How to prepare for ad tech disruption in 2020


Everyone ‘knows’ about privacy. But who really understands it – specifically, whether it’s a matter for urgent action, beyond deploying a few new pop-ups on your website? This attitude of ‘everyone’s focused on privacy, so I should be too’ feels strangely reminiscent of the early days of ‘the cloud’ or ‘big data’ – it’s front of mind, but not exactly amounting to much in terms of real action.

Here we demystify an area of the privacy revolution that really does require action. We reveal how to prepare for the next frontier – a world beyond third-party cookies.

A brief history of the privacy revolution

Cultural lens: Cambridge Analytica’s use of Facebook data to influence the 2016 US elections was the catalyst for intense public scrutiny over the way organisations (especially tech giants) handle user data. Spooked by the thought of their data being used for such mind-bending, politically powerful magic, once-trusting citizens were suddenly upright and attentive to how their data was being shared.

Legal lens: Although regulations can be slow to catch up even in the best of times, we then saw the relatively rapid introduction of strict new privacy regulations. The EU’s General Data Protection Regulation (GDPR) kicked things off (you can read DataTrue’s handy guide for a quick rundown) and when we finally felt on top of that, the California Consumer Privacy Act (CCPA) appeared. But does mere compliance with these regulations mean organisations are really thinking differently about privacy? That’s yet to be seen.

Digital lens: From a marketer’s perspective, the biggest impact has undoubtedly been the changes to treatment of third-party (3P) cookies. Apple introduced its slew of Intelligent Tracking Prevention (ITP) policies (Marieke Pots has written a good summary). Firefox got creative with Enhanced Tracking Protection (ETP). And then Google finally joined the party, announcing that the Chrome browser would sunset its support for third-party cookies by 2022 (despite not bringing any new acronyms to the table). And that was officially the last nail in the coffin: RIP 3P.

Google’s approach vs Apple’s approach: Google has historically let users choose how they want their data to be treated, by opting in or out of third-party cookies as they wish. This is not exactly a bold ‘user first’ policy. The elephant in the room, of course, is the fact that ad revenue makes up about 82% of Google’s total revenue, contributing a cool US$38 billion in Q4 2019 alone.

Apple, on the other hand, has all but thrown out the third-party cookie jar entirely, deeming cookies unsafe and against users’ best interests. Sceptics argue that this is only partly out of genuine concern for user protection, and mostly a strategic differentiator from the likes of Google and Facebook, which have much more skin in the advertising game. Enter Apple, the white knight of user protection, here to save the day(ta). Others have said the Apple approach is yet another walled-garden tactic to funnel the world through the App Store, pointing to the company’s serious double-standards when it comes to web versus mobile privacy. A tangled web, indeed.  

 The ad tech impact in 2020

Put simply, doing away with third-party cookies means the advertising technology that currently relies on them for targeting (that is, almost all ad tech) will soon become obsolete. This is a huge deal – so huge it can’t possibly be overstated. A case in point: the dramatic share price drops of major ad tech companies like Criteo (NASDAQ: CRTO) as key announcements roll in.

Source: Yahoo! Finance (CRTO share price data only)

At the same time, isn’t chaos often the driver of genuine growth? This is truly an interesting time for web folk. You might even sense subtle undertones of nervous excitement, anticipating all the innovation and potential.

Preparing for a post-3P world

Check out this quick visual for a breakdown of first, second- and third-party data.

First-party: Unsurprisingly, we now need to start finding ways to identify users that don’t rely on third-party cookies. If you’ve ever wondered whether there’s merit in creating a login for your website, a loyalty program or a newsletter sign-up, now is the time to stop wondering and just do it. The business case is stacking up: building out better first-party data is one of the key ways we can stay on the safe side as third-party cookies become obsolete. Dust off your white hats – this is the clean way forward.

Second-party: The focus on first-party data creates an emerging space for a kind of ‘neutral ground’ Data Management Platform (DMP), similar to the solution currently being used by Google’s new Ads Data Hub. It’s essentially a ‘safe’ space for sharing first-party data between advertisers and publishers, without inviting third parties to the table. Our guess is that the sun is just rising on the days of second-party data sharing.

A new party altogether: While we focus on getting to the first and second party, there’s also a party going on in Google’s Privacy Sandbox. This is, naturally, a very Silicon Valley solution: open-sourcing the development of technical alternatives to third-party cookies, hoping that interested parties (developers, advertisers and analysts alike) will come forth and save the day via golden ticket GitHub submissions. Although only a few half-baked theories are being thrown around at the moment, we say it’s worth watching this space. Odds are there will be more substance thrown into the sandbox soon enough.

Smarter contextual targeting: Finally, where all else fails in user-level targeting, our guess is that contextual advertising will take up some of the slack too. However, it will definitely have to smarten up to broaden its appeal as an alternative. Our money is on the development of more AI-driven approaches within contextual advertising.

Preparing for more fundamental change

It’s true that we need to be better equipped to respond quickly, as the changes in this space are not likely to stop any time soon. But while we’re fixated on the intricacies of browsers and cookies, there’s also a more fundamental need for a proactive review of how we ‘do’ privacy as organisations. How do our broader policies actually play out on the office floor?

Key questions to kick-start this process:

  • Do we even know if we are complying with global data privacy regulations right now? Can we measure and demonstrate this?
  • How are we future-proofing our digital marketing? What are we doing to reduce our reliance on third-party cookie technology?
  • Are we clear about who is responsible for data privacy in our business?
  • Could we readily map all the areas of the business that handle user data? Are they all on the same page when it comes to how this is handled?
  • Is the privacy statement or policy on our site user-friendly and straight-talking? (Check out Disney’s example for some inspiration.)

Although people don’t always like to hear that these things are ultimately all about the mystical, intangible world of corporate culture, it’s starting to look like this is precisely how we’ll stand or fall when it comes to privacy in 2020 – no matter how many consent pop-ups we deploy.